What to Look For When Selecting Your SIEM Solution

Feb 12th, 2015


In today’s diverse and sophisticated threat landscape, CISOs and IT departments face daunting information security challenges. A SIEM solution comes into play once you start securing your network and monitoring the events occurring on it, but SIEM products have a reputation for being expensive and time consuming. While that may be true of enterprise SIEM products placed into environments that lack the capability to manage them, technology does exist for smaller security departments.

So first let’s look at selecting a SIEM solution. When selecting a SIEM product you have to involve architecture leaders from different groups, asking them to respond to an in-depth questionnaire about what would help them do their jobs better. The next step is to check the different reports available in the market from analysts or product reviewers and read about each company in detail. I suggest going with a company that has a vision and a strong research team: there are many instances in the market of big companies discontinuing their SIEM solution, and if you choose such a product you will end up with a box collecting logs but no further support.

When you have finished selecting the brand, be very careful in sizing your box. Vendors will help you out, but plan for the network logs that will be coming in over the next 5 years, or at least 3 years ahead. The worst thing you can do when purchasing any security product is to allow the vendor to define your requirements. Before you let a salesperson through the door, clearly define your expectations for a SIEM system.
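A worked capacity estimate for the sizing step above, added here as an illustration rather than as figures from the article or from any vendor. Every number in it (device counts, events per second, bytes per event, growth rate, retention and compression) is a constructed assumption to be replaced with your own measurements; the point is the shape of the calculation, projecting sustained and peak event rates and retained storage year by year across the planning horizon.

```python
"""Rough multi-year SIEM capacity estimate (added illustration, not from the article).

All inputs below are constructed assumptions. Measure your own log sources
before using numbers like these for procurement.
"""
from dataclasses import dataclass

SECONDS_PER_DAY = 86_400


@dataclass
class LogSource:
    name: str
    count: int                 # number of devices or hosts of this type
    avg_eps_each: float        # average events per second per device
    avg_bytes_per_event: int   # average raw event size in bytes


# Constructed sample inventory (assumption, not measured data).
SAMPLE_SOURCES = [
    LogSource("perimeter firewall", count=4, avg_eps_each=500.0, avg_bytes_per_event=300),
    LogSource("windows server", count=200, avg_eps_each=5.0, avg_bytes_per_event=800),
    LogSource("linux server", count=100, avg_eps_each=2.0, avg_bytes_per_event=400),
]


def total_eps(sources):
    """Sustained (average) events per second across all sources today."""
    return sum(s.count * s.avg_eps_each for s in sources)


def daily_raw_bytes(sources):
    """Raw bytes ingested per day before any compression or indexing overhead."""
    return sum(s.count * s.avg_eps_each * s.avg_bytes_per_event * SECONDS_PER_DAY
               for s in sources)


def plan_capacity(sources, years, annual_growth, retention_days,
                  peak_factor=2.0, compression_ratio=1.0):
    """Project sustained EPS, peak EPS and retained storage (GB) for each year.

    annual_growth      compound yearly growth of log volume (0.2 == 20 %)
    retention_days     how long raw/indexed events must stay searchable
    peak_factor        burst multiplier over the sustained rate (incident days,
                       scans, noisy misconfigurations); size collectors for this
    compression_ratio  storage reduction the platform achieves (1.0 == none)
    """
    eps_now = total_eps(sources)
    day_bytes_now = daily_raw_bytes(sources)
    rows = []
    for year in range(1, years + 1):
        growth = (1 + annual_growth) ** year
        rows.append({
            "year": year,
            "sustained_eps": eps_now * growth,
            "peak_eps": eps_now * growth * peak_factor,
            "storage_gb": day_bytes_now * growth * retention_days / compression_ratio / 1e9,
        })
    return rows


if __name__ == "__main__":
    print(f"today: {total_eps(SAMPLE_SOURCES):,.0f} EPS, "
          f"{daily_raw_bytes(SAMPLE_SOURCES) / 1e9:,.1f} GB/day raw")
    for row in plan_capacity(SAMPLE_SOURCES, years=3, annual_growth=0.2,
                             retention_days=365, compression_ratio=5.0):
        print(f"year {row['year']}: {row['sustained_eps']:,.0f} EPS sustained, "
              f"{row['peak_eps']:,.0f} EPS peak, {row['storage_gb']:,.0f} GB retained")
```

The peak factor is what decides whether collectors drop events on the day you most need them, while the retention and compression terms decide the storage bill, so present both to the vendor rather than a single "average EPS" figure.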

Are you planning to use it as the cornerstone of a 24×7 security monitoring system? Will it be used to manage insider threats? Are you aiming to correlate attacks against your borders at multiple facilities? Is it simply a means of checking off some boxes on a compliance audit?

If compliance is a driving force in your search for a SIEM system, you probably have even more homework to do. SIEM systems vary widely here: Some fully embrace compliance with sets of built-in compliance-specific correlation rules, reports, and dashboard-type functionality; others include a few basic reports and claim they’ll support your compliance initiative.

© 2006-2017 Security Magazine.